Latest Espionage Case Underlines Threat

An industrial espionage ring currently under investigation in Israel is the largest case seen to date, said one security expert Tuesday, and likely to repeat itself in the future.

Police in Tel Aviv are currently investigating 18 individuals in Israel and London involved in a scheme to grab sensitive corporate information from competitors and use it to gain an advantage in bids for service and garner information on the competitors’ corporate networks.

According to the authorities, the industrial espionage was perpetrated using a Trojan horse attached to e-mails, which were then subsequently installed by company employees. With the application in place, they said, information taken from corporate hard drives was sent to FTP servers located around the world.

The report also notes Interpol and the U.S. FBI were notified of the espionage ring, though FBI officials were not available for comment at press time.

The crimes were allegedly conducted at the behest of individual companies by several Israeli private investigations firms. Executives at Israeli-based telecom Bezeq reported over the weekend to the Tel Aviv Stock Exchange that officials from two of its subsidiaries, Pelephone and DBS Satellite Services, were involved in the espionage ring.

Bezeq itself was one of the victims of the activities, the statement read, and company officials were summoned by police to assess the extent of the damage caused by the leaked information.

According to officials in the statement, Pelephone denied any knowledge of the illegal activities while DBS Satellite officials maintained that any illegal activities conducted on its behalf were done in “direct contravention of its instructions,” the statement read.

According to Maksym Schipka, senior anti-virus researcher at security firm MessageLabs, traditional anti-virus solutions aren’t enough to prevent companies from being victims themselves. Since they are targeted and tailored specifically to the intended company, he said, they are usually enough to bypass the virus definitions that stop the majority of the Internet’s malware .

Schipka said that his company discovers one or two cases a month that fall under this category of crime and are eliminated once found. Despite the publicity and law enforcement interest in the Israel case, he expects to see it again.

“Without a doubt,” he said, “industrial espionage, or any type of espionage, is a good way to achieve pretty much any target; it’s a good way to apply pressure; it’s a good way to make to make some easy money from what you’ve learned from stealing the data.”

The mainstream adoption of the Internet is one of the culprits for the ease of e-mail-borne industrial espionage tools, Schipka said, but not the only method. He said it’s almost as easy to get an employee to install a piece of malware on a company computer as it is for a virus writer to get an employee to open an attachment or click on a link to an infected Web site.

Employees who might balk at stealing the information on the company network themselves might not feel as guilty if they just load a program on a computer and never have to deal with it again, he added.

News Around the Web